How containers work in Linux

an introduction to NameSpaces and Cgroups

A hands on demo of the types of containers that can be brought up in Linux using only the existing distribution tools

This talk will cover the theory of what containers are and how they work in Linux, including why they differ from hypervisors and what specific properties they have. In the demo section we will get into how you actually create and attach individual namespaces and cgroups (with simple demonstrations of the user namespace and the freezer cgroup using the unshare command and /sys/fs/cgroup/freezer). Finally we'll end up with a demonstration of how to bridge two network namespaces with a veth pair and how the ip netns command works